Posted on February 24, 2023 at 10:57 AM
Hackers use fake ChatGPT apps to install Windows and Android malware
Hackers have been exploiting the growing popularity of ChatGPT, a chatbot owned by OpenAI. This chatbot has become an internet sensation since its launch. Still, the growing popularity has attracted the interest of hackers using it to distribute malware on Android and Windows devices. The chatbot is also being used to direct unsuspecting victims to phishing websites.
Hackers use ChatGPT to distribute malware
OpenAI launched ChatGPT in November 2022. This platform is increasingly becoming one of the fastest-growing consumer applications in modern history. The chatbot has a large global presence, with over 100 million users by January 2023.
The fast adoption of this tool forced OpenAI to change from a free model to a paid subscription. The company launched a $20 monthly paid tier known as ChatGPT Plus. This tier targets individuals that want to use this chatbot without any restrictions on availability.
This move has created multiple opportunities for threat actors that want to exploit the popularity. These threat actors have been taking advantage of the vast usage of ChatGPT to promise users uninterrupted and free access to the premium ChatGPT, which needs a $20 fee.
However, the free version offered by these hackers is fake. Instead, the goal of the threat actors is to lure users into installing malware or providing details about their user accounts. The phishing campaign can have notable effects because of the massive popularity of this platform.
Security researcher Dominic Alvieri first detected the activity of threat actors on ChatGPT. He was among the first people to detect an actual case of a hacker luring ChatGPT users by promising them access to ChatGPT Premium. Alvieri detected a domain “chat-gpt-pc.online” used to infect users.
The hackers used this domain to target visitors using the Redline information-stealing malware. This malware was disguised as a download for a ChatGPT desktop client for Windows. The website promising users free access was promoted on a Facebook page. The Facebook page used the official ChatGPT logos to lure users into the malicious website.
Alvieri also detected fake ChatGPT apps that were being promoted on Google Play Store and third-party Android application stores. These fake apps were being used to install malicious software into people’s devices.
Other researchers detect ChatGPT exploits
Alvieri is not the only researcher who has detected the possible exploitation of ChatGPT. Researchers at Cyble have released a report presenting additional findings about the malware distribution campaign that was unearthed by Alvieri and the malicious operations of hackers as they attempted to exploit the popularity of ChatGPT.
The Cyble research detected that “chatgpt-go.online” was another domain being used by hackers to distribute malware. This domain steals clipboard content and obtains access to the Aurora stealer.
The “chat-gpt-pc[.]online” domain was used by threat actors to distribute the Lumma information stealer, according to the investigations conducted by Cyble. The other domain used by the threat actors is “openai-pc-pro[.]online”, which was used to drop an unknown malware family into the platform.
Moreover, Cyble also noted the use of “pay.chatgptftw.com”. This domain was a credit card stealing page. The page lures users by offering them a payments portal where they can purchase access to ChatGPT Plus.
Besides using domains, these hackers were also using fake applications. Cyble said it detected more than 50 malicious applications that used the icon of ChatGPT and a similar name. The icon and the name were all fake, and they attempted to launch harmful activities on user devices.
The report highlighted two examples of fake apps used by hackers, including chatGPT1 and AI Photo. ChatGPT1 is an application that conducts SMS billing fraud, while AI Photo is an application that contains the Spynote malware. This malware can access call logs, contact lists, SMS, and files from the user’s devices.
ChatGPT is a chatbot only available online through the “chat.openai.com” domain. OpenAI has yet to offer a mobile or desktop application supporting the chatbot. However, hackers are tricking users into believing that an app version of the chatbot is available.
The apps and other websites that claim to be ChatGPT are malicious, and their goal is to scam users or infect them with malware. These apps and sites should be seen as suspicious, with users being urged to watch out for them and not fall for the tricks being used by the hackers.
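As an added example (not from the original article or from Cyble's report), the Python below shows one way a defender could triage hostnames from proxy or DNS logs for the brand impersonation described above: it refangs and normalizes each host, accepts only names under the vendor's own domain, and flags anything else that carries a ChatGPT or OpenAI brand token. The token list, the treatment of openai.com as the vendor's parent domain, the function names and the entries marked constructed are assumptions.

```python
import re

# The article names chat.openai.com as the only genuine ChatGPT site; treating
# the whole parent domain as vendor-controlled is an assumption of this example.
OFFICIAL_PARENTS = ("openai.com",)
# Brand tokens, matched after separators are stripped so "chat-gpt" == "chatgpt".
BRAND_TOKENS = ("chatgpt", "openai")


def normalize(raw: str) -> str:
    """Refang '[.]', lowercase, and strip scheme, port, path and trailing dot."""
    host = raw.strip().lower().replace("[.]", ".")
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)
    host = re.split(r"[/:?#]", host, maxsplit=1)[0]
    return host.rstrip(".")


def is_official(host: str) -> bool:
    """Match on a label boundary so 'notopenai.com' is not taken for openai.com."""
    return any(host == p or host.endswith("." + p) for p in OFFICIAL_PARENTS)


def classify(raw: str) -> str:
    host = normalize(raw)
    if is_official(host):
        return "official"
    squashed = re.sub(r"[^a-z0-9]", "", host)
    if any(token in squashed for token in BRAND_TOKENS):
        return "impersonation-suspect"
    return "unrelated"


def suspects(hosts):
    """Return the normalized hosts that warrant analyst review."""
    return [normalize(h) for h in hosts if classify(h) == "impersonation-suspect"]


if __name__ == "__main__":
    # Domains quoted in the article, plus constructed entries marked as such.
    observed = [
        "chat-gpt-pc[.]online", "chatgpt-go.online", "openai-pc-pro[.]online",
        "pay.chatgptftw.com", "https://chat.openai.com/chat",
        "openai.com.login.example",   # constructed: brand as a subdomain label
        "notopenai.example",          # constructed: brand embedded in a label
        "intranet.example",           # constructed: unrelated traffic
    ]
    for h in observed:
        print(f"{classify(h):22} {normalize(h)}")
```

Substring matching on brand tokens is a heuristic and will flag benign names that happen to contain them, so its output is a review queue rather than a blocklist.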